Fortinet white logo
Fortinet white logo

Administration Guide

Configuring Microsoft 365 accounts

Configuring Microsoft 365 accounts

Before you can scan email in Microsoft 365 mailboxes, you must connect to Microsoft 365.

Adding your Microsoft 365 account in FortiMail requires that you provide your Tenant ID, Application ID, and Application Secret.

When acquiring the Tenant ID and Application ID from MS365, you must also grant consent permissions for the admin.

Add the following permissions for the admin in MS365:

  • User.Read.All
  • Mail.ReadWrite
  • Mail.Send
  • GroupMember.Read.All

Note that User.Read is added by default.

To create an Microsoft 365 account
  1. Go to View > Microsoft 365 View.
  2. Go to .
  3. Click New.
  4. Enter the Tenant ID, Application ID, Application Secret, and a Description.
  5. You receive log on credentials when you create the custom application on Microsoft Azure. For details, see the Azure documentation.

  6. Select a regional Service Endpoint appropriate to your geographical location.

  7. Optionally, click New under User Filter Setting to configure user filter settings.

  8. Enable Status, select the appropriate user Type, and specify additional options depending upon the filter type selected, then click Create.

  9. When finished configuring the account, click Create.

If successful, the account will appear in the account list and FortiMail is connected to Microsoft 365.

Click View User List to view the following email user information under the selected Microsoft 365 account:

  • Status: Displays whether the user is subscribed or not.

  • Email: User names of the email users on the Microsoft 365 account.

  • Expiry Date: Subscription expiry date and time to notifications of the user's real-time email.

Configuring Microsoft 365 accounts

Configuring Microsoft 365 accounts

Before you can scan email in Microsoft 365 mailboxes, you must connect to Microsoft 365.

Adding your Microsoft 365 account in FortiMail requires that you provide your Tenant ID, Application ID, and Application Secret.

When acquiring the Tenant ID and Application ID from MS365, you must also grant consent permissions for the admin.

Add the following permissions for the admin in MS365:

  • User.Read.All
  • Mail.ReadWrite
  • Mail.Send
  • GroupMember.Read.All

Note that User.Read is added by default.

To create an Microsoft 365 account
  1. Go to View > Microsoft 365 View.
  2. Go to .
  3. Click New.
  4. Enter the Tenant ID, Application ID, Application Secret, and a Description.
  5. You receive log on credentials when you create the custom application on Microsoft Azure. For details, see the Azure documentation.

  6. Select a regional Service Endpoint appropriate to your geographical location.

  7. Optionally, click New under User Filter Setting to configure user filter settings.

  8. Enable Status, select the appropriate user Type, and specify additional options depending upon the filter type selected, then click Create.

  9. When finished configuring the account, click Create.

If successful, the account will appear in the account list and FortiMail is connected to Microsoft 365.

Click View User List to view the following email user information under the selected Microsoft 365 account:

  • Status: Displays whether the user is subscribed or not.

  • Email: User names of the email users on the Microsoft 365 account.

  • Expiry Date: Subscription expiry date and time to notifications of the user's real-time email.